← Back to context

Comment by mrweasel

1 day ago

> "Let’s say I downloaded the app, proved that I am over 18, then my nephew can take my phone, unlock my app and use it to prove he is over 18."

While I appreciate the zero-knowledge proofs is considered, how the hell did no one in charge of the app design think of this? It's is literally the first question I asked when I first heard about this app. You go to the app in a store to buy alcohol, you're asked to verify your age, but that's not what you're doing. Your simply showing the store that you have a phone, with and app, which was configured by some over 18 (maybe).

Honestly I don't think it's possible to verify that you're over 18 without also providing something like a photo ID (and even that is error prone).

You can probably do something online, where the website or app does some back channel communication to a server that verifies a token. Even that is going to have issues. You could add a "List of sites that has verified your age" option where you can revoke the verification, in case your nephew borrows your phone.

They are going to implement this and it will be "good enough", but I don't see this being 100% secure or correct.

13 comments

mrweasel

Reply
Sweepi  21 hours ago

Just like anyone can take anyone's credit card and go shopping - but in contrast Phones are (or at least can be) much more secure.

  • mrweasel  21 hours ago

    That's not what you're competing with. Your competing with a drivers license with a photo (not a great photo) and some countries have pretty easily faked drivers licenses, but others have drivers licenses in hard plastic with holographic features.

    The credit card doesn't work as age verification.

    • sofixa  20 hours ago

      We're talking about the EU here, where the standard form of ID is an ID card with very strict requirements, including multiple secure features and an NFC chip with the photo and some other information.

Mashimo  21 hours ago

How does the nephew unlock the phone and app?

  • mrweasel  21 hours ago

    If it's just a PIN, and the PIN is his aunts birthday, it might not be much of a challenge. We also have to consider the cases where the adult is complicit, in these cases the app is even less secure than photo ID (for store purchases, not necessarily online).

    • subscribed  16 hours ago

      If adult is "complicit" they can purchase the stuff for the kid anyway.

      Why is that even a scenario to discuss?